
Omranic 01-12-2006 10:00 PM

htaccess Protection for admincp & any dir
 
This is a very simple hack.
Its only function is to add htaccess protection to any dir by adding a few small lines at the beginning of the dir's index.

Our application will be on admincp's index (index.php).

Description: This hack adds htaccess protection to any folder by adding a few small lines to its index.php file. The user name & password for this protection are set by two variables in the same file. If the data entered is wrong, the page shows a black background with the title (Unauthorized) & content that says (Enter Here Only); clicking it directs to the forum's root (index.php by default). This means double security (likes Look THIS.

Please Note: The default user name & password for entering through this protection are (User: 123 / Pass: 321). See the last two lines to learn how to change these values.

Installation:
Open the file index.php in the admincp dir & search for the following code:
PHP Code:

|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/ 

& put under it the following code:
PHP Code:

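$index['public'] = $index['public'];
$phpkd['username'] = "123";    // Here Is the User Name
$phpkd['password'] = "321";    // Here Is The htaccess Password

if (!$index['public']) {
    // Credentials sent by the browser via HTTP Basic auth (empty when none were sent)
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Strict comparison: with != PHP treats numeric strings such as "0123" and "123" as equal
    if ($user !== $phpkd['username'] || $pass !== $phpkd['password']) {
        header("WWW-Authenticate: Basic realm=\"Highly Secured\"");
        header("HTTP/1.0 401 Unauthorized");
        // Page shown when the login prompt is cancelled or the credentials are wrong
        echo "<html><head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br>
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\">
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></font></a></center></body></html>";
        exit;
    }
}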


Note 1: Change the values of the two variables $phpkd['username'] / $phpkd['password'] to the username & password needed & take care not to change this: $index['public'] = $index['public'];

Note 2: This protection gives the authority to enter only to the username & password defined in the file (above modification). After passing through this htaccess protection you will find the normal vBulletin admincp login screen & then you can continue with the normal admin data recorded in the forum itself.

Hope I have explained enough for beginners.
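
Added example, not part of the original post and not the author's code: the same PHP-side Basic auth check extended to more than one admin (the single-account limit comes up later in the thread) and storing password hashes instead of plain-text values in index.php. The function names, user names and sample passwords are hypothetical; the realm and the 401 page follow the post.

```php
<?php
// Added example, not the thread author's code. Function names, user names and
// passwords are hypothetical; realm and 401 response follow the original post.

// Return true when the Basic auth credentials in $server match an entry in
// $users (user name => password_hash() output).
function phpkd_basic_auth_ok(array $server, array $users)
{
    static $dummy = null;
    if ($dummy === null) {
        // Hash checked for unknown users, so both paths cost one verification.
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    // Both keys are absent until the browser answers the 401 challenge.
    $user = isset($server['PHP_AUTH_USER']) ? (string) $server['PHP_AUTH_USER'] : '';
    $pass = isset($server['PHP_AUTH_PW']) ? (string) $server['PHP_AUTH_PW'] : '';

    $known = array_key_exists($user, $users);
    $match = password_verify($pass, $known ? $users[$user] : $dummy);
    return $known && $match;
}

// Send the same challenge and landing page as the original hack, then stop.
function phpkd_deny()
{
    header('WWW-Authenticate: Basic realm="Highly Secured"');
    header('HTTP/1.0 401 Unauthorized');
    echo "<html><head><title>Unauthorized</title></head><body bgcolor='#000000'>"
       . "<center><a href=\"../index.php\"><font color=\"#FFFFFF\" size=\"8\">"
       . "<b>Enter Here Only</b></font></a></center></body></html>";
    exit;
}

// Constructed sample accounts. On a real site, run password_hash() once and
// paste only the resulting hash strings here, never the passwords themselves.
$phpkd_users = array(
    'admin_one' => password_hash('constructed-pass-1', PASSWORD_DEFAULT),
    'admin_two' => password_hash('constructed-pass-2', PASSWORD_DEFAULT),
);

if (PHP_SAPI === 'cli') {
    // Offline self-check with constructed requests instead of a live $_SERVER.
    $cases = array(
        'second admin, right password' => array('PHP_AUTH_USER' => 'admin_two', 'PHP_AUTH_PW' => 'constructed-pass-2'),
        'right user, wrong password'   => array('PHP_AUTH_USER' => 'admin_one', 'PHP_AUTH_PW' => 'constructed-pass-2'),
        'no credentials sent'          => array(),
    );
    foreach ($cases as $label => $request) {
        echo $label, ': ', phpkd_basic_auth_ok($request, $phpkd_users) ? 'allow' : 'deny', "\n";
    }
} elseif (!phpkd_basic_auth_ok($_SERVER, $phpkd_users)) {
    phpkd_deny();
}
```

On servers where PHP runs as CGI/FastCGI, `PHP_AUTH_USER` and `PHP_AUTH_PW` are often not populated, so this check (like the original) rejects every login there.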

JsnakeJ 01-13-2006 04:27 AM

Nice work, isn't the admincp already protected enough though?

Hornstar 01-13-2006 07:03 AM

You can never protect your forum enough. Very nice work and this will be getting used by me. Thanks

Logikos 01-13-2006 07:04 AM

Quote:

Originally Posted by JsnakeJ
Nice work, isn't the admincp already protected enough though?

Apparently vBulletin Developers don't think so :p

http://www.vbulletin.com/forum/admincp

FleaBag 01-13-2006 07:14 AM

Looks like they do now!

evenmonkeys 01-13-2006 07:26 AM

I used to as well. I don't anymore because it's annoying. =P

Blackbeard 01-13-2006 07:46 AM

this is great m8 well done, could this be changed to add to say a forum on our site, where different usergroup needs access to a forum

IrPr 01-13-2006 10:59 AM

I don't know why, but it doesn't work for me on 3.5.3 :(

Sooner95 01-13-2006 11:34 AM

You can do this via your cPanel too..

And, yes, you can never have enough.

Omranic 01-13-2006 12:05 PM

This is for extra protection

Blackbeard ===> Till now I can't find any way to get data from database
but i'm searching & trying for that

Moosa ===> It must work fine because it doesn't depend on the vBulletin code; it's related to the PHP language in general, so you must follow my steps carefully & you will get it right.

Mastar 01-13-2006 02:44 PM

It Doesn't Work On My VB3.53

coffeefix 01-13-2006 02:59 PM

I added this to my 3.5.3 and when I entered my username and password it was not being recognized. The box just kept popping back up and then I got taken to the "enter here" screen. uninstalled.

Mastar 01-13-2006 03:08 PM

Uninstalled also. You Probably need to give better or more detailed instructions.

Omranic 01-14-2006 04:33 PM

Topic has been rewritten.
Read it carefully.

coffeefix 01-14-2006 04:37 PM

so basically, this only gives 1 person access to the ACP? That would be the person, whose username and password you put in the index.php

Omranic 01-14-2006 04:40 PM

yes
its exactly as you said

IrPr 01-14-2006 06:54 PM

any way to read from database ?

Omranic 01-15-2006 10:19 AM

Quote:

Originally Posted by Moosa
any way to read from database ?

Till now I have no Idea but i'm searching for that

PixelFx 01-16-2006 10:19 AM

Quote:

Originally Posted by SolidSnake@GTI
Till now I have no Idea but i'm searching for that

This is great. How hard would it be to add an on / off switch in your admin cp for this? aka, let's say you could turn it off when you're working on your site, but then afterwards turn this feature on in the admin, for when you're not doing regular work on the forum? as an example :D

XFSImperial 01-17-2006 12:19 AM

Thanks for the mod, works fine.

*install*

Omranic 01-21-2006 04:31 AM

Quote:

Originally Posted by PixelFx
This is great. How hard would it be to add an on / off switch in your admin cp for this? aka, let's say you could turn it off when you're working on your site, but then afterwards turn this feature on in the admin, for when you're not doing regular work on the forum? as an example :D

Yes, it's hard till now (at least for me). Maybe someone else has a better solution & can improve this.

Zia 01-26-2006 05:05 PM

Sounds nice & helps to make the ACP more secure.

Clicked install.

jj 01-26-2006 06:48 PM

Quote:

Originally Posted by SolidSnake@GTI
Till now I can't find any way to get data from database but i'm searching & trying for that

To use this with .htaccess is only possible if the apache server has been compiled with mod_auth_mysql or has it as loadable module.

Find out more about .htaccess and mod_auth_mysql here:
http://www.widexl.com/scripts/docume...tml#auth_mysql

Omranic 01-26-2006 07:41 PM

Quote:

Originally Posted by j.jacobsen
To use this with .htaccess is only possible if the apache server has been compiled with mod_auth_mysql or has it as loadable module.

Find out more about .htaccess and mod_auth_mysql here:
http://www.widexl.com/scripts/docume...tml#auth_mysql

That's great.
But what about servers that don't have the mod_auth_mysql module installed & have no SSH access & no intention to install any modules? Is there any way?

Mudvayne 01-27-2006 03:34 AM

is it possible to do it as same as vb.com? plzzzzzzzzzzzzzzzzzzzzzzzzz.. I meant it 'll load a error page named authentication failed.. Like...

You hav failed to authenticate ur identity.. U r now automatically redirect to forum index..

/me clicks install

P.S: I'm using vB 3.5.3.. It seems not working :ermm:

Aligator21 01-27-2006 05:01 AM

nice!!!
installed! :)

jj 01-27-2006 09:36 AM

Quote:

Originally Posted by SolidSnake@GTI
That's great.
But what about servers that don't have the mod_auth_mysql module installed & have no SSH access & no intention to install any modules? Is there any way?

No, if the module is not available the apache server cannot connect to a mysql database.

Quote:

Originally Posted by Shuvo
is it possible to do it as same as vb.com? plzzzzzzzzzzzzzzzzzzzzzzzzz.. I meant it 'll load a error page named authentication failed.. Like...

If your provider allows it, you can do that by adding this line
Code:

ErrorDocument 401 /401.html

into your existing .htaccess file in the document_root of your apache server. If no .htaccess file exists, just create one. Afterwards you have to place a self-made 401.html or 401.php or whatever file in your document_root to get it to work.

If you choose to create a directory for your custom apache error pages, like errorpages in your document_root, the line has to look like this
Code:

ErrorDocument 401 /errorpages/401.html

or
Code:

ErrorDocument 401 /errorpages/401.php

depending on what filetype you want to use.

You can create custom error pages for every HTTP error code like 404 (not found), 500 (script error) and so on...

Mudvayne 01-27-2006 01:22 PM

Dear j.jacobsen..
Thnx for the solution.. As I use Custom HTML Error Page hack I already hav the error page.. So I just need to change the code..
PHP Code:

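$index['public'] = $index['public'];
$phpkd['username'] = "123";    // Here Is the User Name
$phpkd['password'] = "321";    // Here Is The htaccess Password

if (!$index['public']) {
    // Credentials sent by the browser via HTTP Basic auth (empty when none were sent)
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Strict comparison: with != PHP treats numeric strings such as "0123" and "123" as equal
    if ($user !== $phpkd['username'] || $pass !== $phpkd['password']) {
        header("WWW-Authenticate: Basic realm=\"Highly Secured\"");
        header("HTTP/1.0 401 Unauthorized");
        // Page shown when the login prompt is cancelled or the credentials are wrong
        echo "<html><head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br>
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\">
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></font></a></center></body></html>";
        exit;
    }
}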

Question is whr to change the code to call the 500 error page?

Hav anybody try it successfully in vB 3.5.3? Coz mine isn't working :(..

Omranic 01-28-2006 05:08 AM

Quote:

Originally Posted by Shuvo
Dear j.jacobsen..
Thnx for the solution.. As I use Custom HTML Error Page hack I already hav the error page.. So I just need to change the code..
PHP Code:

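$index['public'] = $index['public'];
$phpkd['username'] = "123";    // Here Is the User Name
$phpkd['password'] = "321";    // Here Is The htaccess Password

if (!$index['public']) {
    // Credentials sent by the browser via HTTP Basic auth (empty when none were sent)
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Strict comparison: with != PHP treats numeric strings such as "0123" and "123" as equal
    if ($user !== $phpkd['username'] || $pass !== $phpkd['password']) {
        header("WWW-Authenticate: Basic realm=\"Highly Secured\"");
        header("HTTP/1.0 401 Unauthorized");
        // Page shown when the login prompt is cancelled or the credentials are wrong
        echo "<html><head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br>
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\">
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></font></a></center></body></html>";
        exit;
    }
}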

Question is whr to change the code to call the 500 error page?

Hav anybody try it successfully in vB 3.5.3? Coz mine isn't working :(..

Dear Shuvo, this hack doesn't depend on your vBulletin version or bulletin type at all.

It's server-side work that depends on your Apache.

You must note that the default value is (User: 123 / Pass: 321) & not as recorded in the database; this was mentioned in the thread's first post.

regarding to changing the error page to error 500 you must change the following line
HTTP/1.0 401 Unauthorized
& it will do that for you


any questions I'm here For answers
best wishes

Mudvayne 01-28-2006 03:42 PM

Okiz SolidSnake@GTI I hav a question.. I'm a really dumb abt this coding thing.. So I'll b glad if u help me out.. If I wanna use..
User: Shuvo
Pass: golpo

& call 500/501 error page.. Thn what 'll the xact code? Would u plz write it for me here? Plz..

Note: Sorry my english :confused:

Omranic 01-28-2006 09:12 PM

hey
I tried the code with error pages & only the 401 error succeeded & the others did not.

So you may use it as 401 error & regarding to the User: Shuvo Pass: golpo
Take the following code:

PHP Code:

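$index['public'] = $index['public'];
$phpkd['username'] = "Shuvo";    // Here Is the User Name
$phpkd['password'] = "golpo";    // Here Is The htaccess Password

if (!$index['public']) {
    // Credentials sent by the browser via HTTP Basic auth (empty when none were sent)
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Strict comparison, so only the exact user name and password strings match
    if ($user !== $phpkd['username'] || $pass !== $phpkd['password']) {
        header("WWW-Authenticate: Basic realm=\"Highly Secured\"");
        header("HTTP/1.0 401 Unauthorized");
        // Page shown when the login prompt is cancelled or the credentials are wrong
        echo "<html><head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br>
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\">
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></font></a></center></body></html>";
        exit;
    }
}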


Mudvayne 01-30-2006 08:09 AM

dont know the reason but its not working.. Asking for pass randomly.. :(

RFViet 01-30-2006 12:51 PM

Quote:

Originally Posted by SolidSnake@GTI
yes
its exactly as you said

If I have 2 admins then It doesn't work !!! :disappointed:

Mudvayne 01-31-2006 09:16 AM

Yaiiiiiiiiiiiiii.. i did it.. But with .htaccess..

try http://www.golpo.net/forum/admincp/index.php :D:D:D

Omranic 02-14-2006 05:29 AM

Quote:

Originally Posted by Shuvo
Yaiiiiiiiiiiiiii.. i did it.. But with .htaccess..

try http://www.golpo.net/forum/admincp/index.php :D:D:D

That's possible also.

You can post it here, I think it will be useful for some.

JJH35 02-16-2006 10:30 PM

or you could have just used this for each folder
order allow,deny
allow from all
deny from ip1 , ip2, ip3, etc

Mudvayne 02-17-2006 02:59 AM

Quote:

Originally Posted by SolidSnake@GTI
You can post it here, I think it will be useful for some.

Sorry brother.. I'm bit late.. Its easy.. Hope someone might get help..

I did it with an online .htaccess password generator tool.. Well go to .htaccess pass generator site read the instruction.. Its too easy.. U just need to know ur admincp path.. & plz after process upload the .htaccess & .htpasswd file in admincp folder.. Dont upload it in root folder.. Otherwise entire forum 'll b password protected..

Hornstar 02-18-2006 05:37 AM

Is there a code to only allow certain IP's?

Mathiau 03-12-2006 04:02 AM

Quote:

Originally Posted by Shuvo
Sorry brother.. I'm bit late.. Its easy.. Hope someone might get help..

I did it with an online .htaccess password generator tool.. Well go to .htaccess pass generator site read the instruction.. Its too easy.. U just need to know ur admincp path.. & plz after process upload the .htaccess & .htpasswd file in admincp folder.. Dont upload it in root folder.. Otherwise entire forum 'll b password protected..

I tried those tools, generated the info, uploaded the files in ASCII and I know the info I was typing in was right, it was in the right directory, but it just kept popping up as if I was putting in the wrong login info - but I know I wasn't...


For this hack - I put the code into my index.php (main root index.php) and it works - Is this as secure as using a separate .htaccess file? If so then it works great and I would like to use it.

I tested it and put in the wrong info to get the enter here only page; once I hit that, the login window that comes up has this info in it

Quote:

Htaccess login system for **********! If you have a problem with the htaccess or you never recieved a email about the change in the htaccess pass, email me @ ******@wwwsupersite.com and I will help where I can. Thanks!

Where can I edit that? That certainly is not the host of our servers' info so wondering where that is coded.... (I asked the host and he has no idea where that info would be pulled from...)

Mudvayne 03-12-2006 04:29 AM

Quote:

Originally Posted by Mathiau
I tried those tools, generated the info, uploaded the files in ASCII and I know the info I was typing in was right, it was in the right directory, but it just kept popping up as if I was putting in the wrong login info - but I know I wasn't...

But bro.. Mine works fine.. here is some info..

http://www.vbulletin.com/forum/admincp
http://www.golpo.net/forum/admincp

http://www.vbulletin.com/forum/modcp
http://www.golpo.net/forum/modcp

http://www.vbulletin.com/forum/includes
http://www.golpo.net/forum/includes

http://www.vbulletin.com/forum/install
http://www.golpo.net/forum/install

:).. So I prefer .htaccess.. Newayz did u upload the .htaccess & .htpasswd in the right directory? If so thn it should work.. Did u use the encoded pass in .htpasswd ?


All times are GMT.